Risk assessment and risk classification
www.nr.no
Group Assignment 2 for IMT4571 (2010)
<Names of group members who contributed>
Group x
IMT4571 - IT Governance November 2010
Assignment positioning
Case / Group Assignment 1
Group Assignment 2
Case 2
Background reading
► The literature on security threats for VoIP from the 1st assignment is still relevant.
► Browse through the Risk Management papers in "Resources" -> "Background materials" as a source of inspiration!
► Have a real group discussion using chat, messenger, e-mail lists or phone conferences to discuss risk evaluation options! The group discussion is an important part of the learning!
The second Group Assignment
Perform a risk analysis on the given assets, risks and policy.
► Make the 6 tables for asset/risk combinations. Classify them in the tables.
  ▪ Use the risk classification tables at the end of this presentation OR
  ▪ the “Risk Classification” worksheet in the simple excel tool
► Open the “Simple Risk Tool ..” excel sheet. Copy your likelihood/probability results, and fill in the rest of the sheet. Sort the sheet top-down, the most threatening risk (=highest impact) first.
► Write a short essay on whether a high-likelihood-low-impact risk or a low-probability-high-impact risk is worse (500-1000 words)
(you may use this PowerPoint as a template for the assignment)
List of assets
► VoIP routers
► PBX-interface to telephone network
► Emergency calls
► Mobile worker softphone
Risks to VoIP
► Breach of confidentiality
► Theft of phone service & financial loss from false bills
► Unavailability of service
VoIP Router
► Breach of confidentiality
Likelihood: Negli | V low | Low | Med | High | V High | Extr
Impact: None | Minor | Med | High | V High | Extr
VoIP Router
► Unavailability of service
Likelihood: Negli | V low | Low | Med | High | V High | Extr
Impact: None | Minor | Med | High | V High | Extr
PBX-interface to telephone network
► Theft of phone service & financial loss on bills
Likelihood: Negli | V low | Low | Med | High | V High | Extr
Impact: None | Minor | Med | High | V High | Extr
Emergency calls
► Unavailability of service
Likelihood: Negli | V low | Low | Med | High | V High | Extr
Impact: None | Minor | Med | High | V High | Extr
Mobile worker softphone
► Breach of confidentiality
Likelihood: Negli | V low | Low | Med | High | V High | Extr
Impact: None | Minor | Med | High | V High | Extr
Mobile worker softphone
► Unavailability of service
Likelihood: Negli | V low | Low | Med | High | V High | Extr
Impact: None | Minor | Med | High | V High | Extr
Risk assessment with the spreadsheet tool
► Use the “Risk Assessment” worksheet of the excel file to produce your ranked analysis of risks to FLATFISK ASA's VoIP network!
Essay on risk scoring
► max. 1000 words, min. 500 words
► Write a short argument on whether a high-likelihood-low-impact risk or a low-probability-high-impact risk is worse.